I am trying to set up a user account that has as few rights as possible.

The user should be able to log in via SSH and then use the "su" command to get root access BUT nothing else.

Is this even possible? So no basic commands like "cd", "ls" or "mkdir" should be available! The user should only be able to see one empty folder and then be able to use the "su" command to get full system access to the real OS (if chroot is used to achieve this).

Thanks for your answer! Maybe I wrote my question a bit unclearly. Your answer is a step in the right direction, but not quite what I had in mind. The point of this should be the following: I already changed the sshd_config file so that root is not able to log in via SSH, but sometimes I need root access over SSH. Therefore I created a user that should only be able to log in via SSH and then use the su command to give me full access. This is the only user that can connect via SSH, and this specific user should be able to do as little as possible. Is this possible, or is another approach better?
– Walter Isaac, Jan 19 '13 at 20:20

1

That is perfectly fine. You use ssh to log in as that specific user. If you set up ssh as described, ssh automatically runs su for you which asks you for the root password. There is no shell in between, therefore you cannot run anything else with this setup.
– michas, Jan 19 '13 at 20:27
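
One way to get the behaviour described in the comment above, as an added example that is not part of the original thread. The answer's exact setup is not shown on this page, so the use of `ForceCommand`, the account name `suonly` and the path `/bin/su` are assumptions.

```sshd_config
# /etc/ssh/sshd_config (fragment)
# Added example; "suonly" is a hypothetical account name.

# Root cannot log in over SSH directly (already done by the asker).
PermitRootLogin no

# Only the dedicated account may connect via SSH.
AllowUsers suonly

Match User suonly
    # sshd runs this instead of the login shell and ignores any command
    # the client sends, so there is no shell between login and su.
    # When su exits, the SSH session ends.
    # Adjust the path if su lives elsewhere (for example /usr/bin/su).
    ForceCommand /bin/su -

    # ForceCommand does not cover forwarding channels; turn them off so
    # the account cannot be used as a tunnel before su succeeds.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
```

Check the file with `sshd -t` before reloading the daemon, and keep an existing session open while testing so a mistake does not lock you out.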